Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-11358 | 4.3 |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
|
16-02-2024 - 16:32 | 20-04-2019 - 00:29 | |
CVE-2020-2099 | 7.5 |
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
CVE-2020-2104 | 4.0 |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
CVE-2020-2100 | 5.0 |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
CVE-2020-2103 | 4.0 |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
CVE-2020-2102 | 3.5 |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
CVE-2020-2101 | 3.5 |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
CVE-2020-2105 | 4.3 |
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 |